Open-source intelligenceon your digital footprint.

Clearfront scans every public data source, maps how the evidence connects, and an AI security analyst tells you what your exposure means.

30 tools3,400+ sites traced100% open source$0 to run
git clone https://github.com/scottmartinanderson/clearfront.git
The Clearfront console running a self-check across its collection tools.The Clearfront console running a self-check across its collection tools.
What it is

Give Clearfront an email, username, phone number, domain, or IP. In one sweep it scans every public data source, connects what it finds, and an AI security analyst compiles it into a report with the source, confidence, and severity on every line.

Check your own exposure, or run an authorized investigation.

Four ways to run it
  • REPLAsk it to check an email, a username, or a domain; it runs the tools, follows the leads, and writes the report.
  • CLIScriptable one-shot lookups for quick checks and automation.
  • WebA browser console with the full chat UI and the live evidence graph.
  • MCPPlug Clearfront into Claude Code or Claude Desktop as a tool server.
Usage

Hand the AI security analyst a target, or call any tool yourself from the shell.

Terminal
clearfront # start the interactive AI security analyst
clearfront email jane@example.com # or run one-shot lookups
clearfront username johndoe99
clearfront ip 8.8.8.8
clearfront web # or open the browser console

Or run it as an MCP server inside Claude Code or Claude Desktop.

claude_desktop_config.json
{
"mcpServers": {
"clearfront": {
"command": "clearfront-mcp"
}
}
}
Tools

All 30 tools run in a single sweep. Each returns a real result the AI security analyst can verify, grouped here by discipline.

Identity & accounts
  • search_usernameReused handles across 3,400+ sites
  • search_maigretDeep profile details from matched accounts
  • search_footprintPublic search-engine footprint for a target
  • search_githubPublic repos, commits, and leaked keys
  • search_gravatarAvatars and profiles from an email hash
Email & breaches
  • search_emailWhich sites an email is registered on
  • search_emailrepReputation, deliverability, and risk flags
  • search_breachAppearances in known data breaches
  • search_hudsonrockExposure in infostealer-malware logs
  • search_pasteLeaked data in public paste dumps
  • search_cryptoOn-chain balance and activity for a wallet
Domains & DNS
  • search_domainSubdomains of a target domain
  • search_whoisRegistrant, registrar, and key dates
  • search_dnsDNS records and mail-security config
  • search_crtSubdomains from certificate transparency
  • search_waybackHistorical and deleted pages from the archive
  • search_harvesterEmails and hosts for a domain
Network & threat intel
  • search_ipGeolocation, ASN, and host details
  • search_exposureReverse DNS, blocklists, and VPN/proxy risk
  • search_shodanInternet-exposed devices and services
  • search_censysHosts, certificates, and exposed services
  • search_ip2locationGeolocation and VPN/proxy detection
  • search_abuseipdbAbuse reports and blocklist status
  • search_greynoiseMass-scanner noise vs. targeted actor
  • search_virustotalMalware and reputation verdicts
Phone & media
  • search_phoneCarrier, country, and line type
  • search_exifGPS and metadata hidden in photos
Dorking & fetch
  • generate_dorksTargeted Google dork queries
  • search_dorks_liveRuns the dorks and returns live hits
  • scrape_urlPulls and parses any page for the AI security analyst
How it works

Clearfront maps your whole digital footprint into a graph you can explore. Every account, breach, and domain becomes a point on a force-directed graph, and every shared email, reused username, or repeated IP becomes a link between them.

The algorithm clusters related data points, so a scattered digital footprint settles into a clear, connected picture where you can see where the real risk sits. Click any node to ask the AI security analyst to dig deeper, and the evidence graph grows with every new connection it finds.

Initializing graph…
drag to rotate · scroll to zoom · click a node
The deliverable

Not a list of links. A structured intelligence report. Calibrated confidence, severity, and source reliability on every finding.

CLEARFRONT · Intelligence ReportSample · synthetic subject
Intelligence Summary

The email j.reyes@example.com very likely belongs to a single individual, Jordan E. Reyes, with a footprint spanning ten familiar platform accounts, two personal domains, one active company, and two dissolved companies. Credentials tied to the subject appear in infostealer logs and three known breaches, and a home address and phone are indexed on four data-broker sites.

Confidence: high, based on seven URL-verified accounts and two live breach-database hits. The company links are moderate confidence, drawn from indexed registry records rather than live results.

9 sources10 accounts3 breaches
Built for privacy first

Clearfront runs entirely on your own machine, with your own API keys. Your targets, your findings, and everything it collects stay on your device. We never see or store your data.

Install

Clone it, install it, set an API key, and run. Free and open source, nothing to sign up for.

Terminal
git clone https://github.com/scottmartinanderson/clearfront.git
cd clearfront
pip install -e .
export ANTHROPIC_API_KEY=sk-ant-...
clearfront # interactive REPL
clearfront web # browser console

Runs on macOS, Linux, and Windows with Python 3.10 or newer.

Works with Claude, OpenAI, or a fully local model through Ollama. Set the key for whichever you use, or run entirely on Ollama with no key at all.

A few collection tools use external binaries. Install holehe, sherlock, maigret, sublist3r, phoneinfoga, and exiftool to enable them.

Extra API keys (Shodan, HIBP, VirusTotal, and others) are optional and unlock more sources.

Access
  • Open sourceSelf-hosted · free foreverRecommended

    Your digital footprint is public. Map every trace of it.

    • -30 OSINT tools + AI security analyst
    • -Algorithm-linked 3D evidence graph
    • -100% local, we never see your data
    Install ↓

    No sign-up required.

  • CloudHosted · pre-launch

    Your exposure, instantly, in the browser.

    • -Hosted, nothing to install
    • -Managed keys, or bring your own
    • -Your digital footprint exposure at a glance
    Join the waitlist →
  • OperatorManaged · by request

    OSINT built into your stack, done for you.

    • -Integrated with your SOC, threat-intel, or AI stack
    • -Keys and custom workflows configured
    • -Ongoing threat monitoring and support
    Get in touch →
License

Clearfront is released under the MIT license. Use it, change it, build on it, and ship it in commercial or closed-source work. No fee, no sign-up, free for any use.

Read the full license.

FAQ

Not ready to install Clearfront?

Scrub your digital footprint off the internet.

Your personal data is still public. Claude can find it and complete the removals for you, on autopilot for free.

No spam, unsubscribe anytime.